Abstract

In this paper we suggest a method by which reference broadcast synchronization (RBS), and other methods of estimating clock values, can be incorporated in standard clock synchronization algorithms to improve synchronization quality. We advocate a logical separation of the task of estimating the clock values of other nodes in the network from the task of using these estimates to output a logical clock value.

The separation is achieved by means of a virtual estimate graph, overlaid on top of the real network graph, which represents the information various nodes can obtain about each other. RBS estimates are represented in the estimate graph as edges between nodes at distance 2 from each other in the original network graph. A clock synchronization algorithm then operates on the estimate graph as though it were the original network.

To illustrate the merits of this approach, we modify a recent optimal gradient clock synchronization algorithm to work in this setting. The modified algorithm transparently takes advantage of RBS estimates and any other means by which nodes can estimate each others' clock values.



1 Introduction 

The evolving field of wireless networks poses new and interesting challenges to time synchronization, leading to renewed attention to this venerable problem in recent years. Sensor networks in particular are subject to constraints on computation power and energy consumption, and often require a greater degree of synchronization than traditional distributed applications.

In a multi-hop sensor network it is frequently the case that neighboring nodes must be closely synchronized, while far-apart nodes can tolerate greater clock skew: neighboring nodes interfere with each other when they try to transmit, and are also more likely to cooperate for the purpose of some local computation. This gives rise to the problem of gradient clock synchronization, in which the synchronization between two nodes improves the closer they are to each other. The problem was first formulated in [6], where it is shown that in a network of diameter $D$, no algorithm can guarantee a skew that is better than $\Omega(\log D / \log\log D)$ even between adjacent nodes. Subsequent work has improved the lower bound to $\Omega(\log D)$, and come up with algorithms that match it [11].

The wireless broadcast medium also offers opportunities for better synchronization. Although contention may cause unpredictable delays before a message is broadcast, once a message is transmitted, it is received by all nodes in the sender's neighborhood almost instantaneously. Reference broadcast synchronization (RBS) takes advantage of this to let the neighbors of the sender estimate each other's clock values with great accuracy. RBS can be extended to multi-hop networks, to allow any node in the network to estimate the clock value of any other node. However, by itself, RBS does not output a logical clock at every node, and so it is not a clock synchronization algorithm in the traditional sense.

In this paper we suggest an approach by which RBS, or any other estimation method (including external time sources), can be seamlessly incorporated in many clock synchronization algorithms, in order to reduce the effective diameter of the network and achieve better synchronization. We suggest a separation between the estimate layer, which is responsible for estimating other nodes' clock values, and the algorithm that uses these estimates to compute a local logical clock. The estimate layer runs underneath the algorithm and provides it with an estimate graph $G^{est}$. Each edge $\{u, v\}$ of $G^{est}$ represents an estimate that node $u$ can get for node $v$'s clock value (and vice-versa), along with an associated uncertainty. RBS estimates are represented in $G^{est}$ as edges between nodes at distance 2 from each other in the original network graph.

Almost any clock synchronization algorithm can be used on top of the estimate layer, as long as the algorithm can handle networks with non-uniform uncertainty on the links. The resulting synchronization between nodes $u, v$ depends on their effective distance $\mathrm{dist}(u, v)$, and on the effective diameter of the network graph. These are defined by the corresponding distances in the estimate graph $G^{est}$. Using RBS it is possible to reduce the effective diameter to $O((\rho \cdot T + u_{rcv}) \cdot D + T)$, where $D$ is the diameter of the original network, $T$ is a bound on the message delay, $\rho$ is a bound on clock drift (typically very small), and $u_{rcv}$ is a bound on the receiver uncertainty (also very small), which bounds the time it takes a node to process a message it receives.

Our main contributions are as follows. In Section 4 we define the estimate layer, and show how to incorporate point-to-point messages and RBS. In Section 5 we illustrate the applicability of our approach by modifying the algorithm of [12] to work on top of the estimate layer. Significantly, this involves extending it to a heterogeneous network; in [12] it is assumed that all links are subject to the same bounds on message delay. Finally, in Section 6 we prove that the algorithm achieves gradient clock synchronization, with the skew between nodes $u$ and $v$ bounded by $O(\mathrm{dist}(u, v) \cdot \log_{1/\rho} D)$ in networks with effective diameter $D$ and drift bounded by $\rho$. This is asymptotically optimal. The proof is based on the proof in [12], but in our view it is cleaner and somewhat simpler.

In a companion paper to this one [10], we consider the problem of gradient clock synchronization in dynamic networks, and show that the weighted-graph approach employed here is useful in that context as well.
2 Related Work

The problem of establishing a common notion of time is at the core of many distributed systems and applications and has thus been widely studied, both from a theoretical and a practical point of view. In most of the existing work on clock synchronization, the nodes of a network compute estimates about each others' clock values by exchanging messages. Based on the obtained information, each node computes a local logical clock. Typically, the accuracy of clock estimates is determined by the uncertainty about the propagation delay of messages. In [13], it is shown that even if hardware clocks experience no drift, no clock synchronization algorithm can prevent a clock skew of $\Omega(D)$ in a network of diameter $D$. This lower bound on the maximum clock skew between any two nodes is matched by an algorithm described in [18] and by many subsequent algorithms (e.g. [5], [12], [11], [14], [15]). Clock synchronization algorithms and lower bounds that accommodate non-uniform propagation delays are described, for example, in [3], [7].

In [6], Fan and Lynch introduced the gradient clock synchronization problem. It is shown that even on a path of length $D$, no algorithm can guarantee a clock skew smaller than $\Omega(\log D / \log\log D)$ between adjacent nodes. This bound has been improved to $\Omega(\log D)$ in [12] and it is shown in [11], [12] that the new bound is indeed tight.

The special properties, constraints, and requirements of wireless ad hoc and sensor networks make clock synchronization especially challenging. There is a considerable amount of work on the problem (e.g. [5], [16], [17], [19]). Particularly interesting is the work on reference broadcast synchronization, which exploits the property of sharing a single communication channel to obtain high accuracy clock estimates of nearby nodes.

3 Preliminaries 

In the sequel we use $\mathbb{R}^{\ge 0}$ to denote the set of non-negative reals and $\mathbb{N}^{>0}$ to denote the positive integers.

We model a wireless network as an undirected graph $G = (V, E)$, where $V$ is the set of nodes, and $\{u, v\} \in E$ iff $u$ is in range of $v$ and vice-versa. We abstract away low-level details of contention management, message loss and so on, by assuming reliable message delivery with message delays bounded by a parameter $T$.

Each node $v$ in the network has access to a local hardware clock $H_v$, which is subject to drift bounded by $\rho < 1$. We assume that for all $t_1 < t_2$,

$$(1 - \rho)(t_2 - t_1) < H_v(t_2) - H_v(t_1) < (1 + \rho)(t_2 - t_1).$$

It is also assumed that the hardware clock increases continuously and (for the analysis) is differentiable.

The goal of gradient clock synchronization is to output a local logical clock $L_v$ at every node $v$, which is closely-synchronized with all the other logical clocks. Formally, an algorithm is said to achieve $f$-gradient clock synchronization, for a function $f : \mathbb{R}^{\ge 0} \to \mathbb{R}^{\ge 0}$, if it satisfies the following requirement.

Requirement 3.1. For all $u, v \in V$ and times $t$ we have

$$L_v(t) - L_u(t) < f(\mathrm{dist}(u, v)).$$



Here dist(u, v) stands for the distance between u and v; informally, the distance corresponds 
to the quality of information u and v can acquire about each other. Traditionally, dist(u, v) was 
defined to be the minimal sum of uncertainties about message delays on any path between u and v. 
In this work we re-define dist(u, v) to take into account reference broadcast synchronization; for 
details, see Sec. 5.

In addition to $f$-gradient synchronization, we require the logical clocks to behave like a "real"
clock. Specifically, the logical clocks should be non-decreasing, and they should always be within 
a linear envelope of real time. This is captured by the following requirement. 

Requirement 3.2. There exist $\alpha \in (0, 1)$ and $\beta > 0$ such that for all $t_1 < t_2$,

$$(1 - \alpha)(t_2 - t_1) < L_u(t_2) - L_u(t_1) < (1 + \beta)(t_2 - t_1).$$

In particular, the logical clocks are continuous. The algorithm we present in Sec. 5 outputs logical clocks that are also differentiable if the hardware clocks are differentiable.

4 The Estimate Layer

The estimate layer encapsulates point-to-point messages, reference broadcast synchronization, and any other means the nodes in the network have of obtaining information about the logical clock values of other nodes. The estimate layer provides an undirected estimate graph $G^{est} = (V, E^{est})$, where each edge $\{u, v\} \in E^{est}$ represents some method by which nodes $u$ and $v$ can estimate each others' logical clock values. Note that $G^{est}$ can be different from the underlying network graph $G$; for example, RBS is represented in $G^{est}$ as edges connecting nodes at distance 2 from each other in $G$. We use $N(u)$ to denote $u$'s neighborhood in $G^{est}$: $N(u) := \{v \in V \mid \{u, v\} \in E^{est}\}$.

The estimate layer provides each node $u \in V$ with a set of local variables $\{L_u^v : v \in N(u)\}$ which represent $u$'s current estimates for the logical clock values of its neighbors in $G^{est}$. Since the estimates are typically inaccurate, we associate with every edge $e \in E^{est}$ an uncertainty $\epsilon_e$. The estimate layer guarantees the following property.

Property 4.1 (Estimate quality). For any edge $(u, v) \in E^{est}$ and time $t$, we have

$$L_v(t) - \epsilon_{\{u,v\}} < L_u^v(t) < L_v(t) + \epsilon_{\{u,v\}}.$$

Some common methods of obtaining logical clock estimates are described below. We describe each method and bound the error associated with it, and then show how to combine multiple methods so as to guarantee Property 4.1.
Direct estimates. As in [12], we assume that every node broadcasts its logical clock value to all its neighbors once every subjective $\Delta H$ time units (that is, after its hardware clock has increased by $\Delta H$), where $\Delta H$ is a parameter. These messages provide a direct estimate of the node's logical clock value. When a receive(u, v, L) message occurs at time $t$, node $u$ sets

$$L_u^{v,\mathrm{direct}} \leftarrow L.$$

Between messages from $v$, node $u$ increases $L_u^{v,\mathrm{direct}}$ at the rate of its own hardware clock.
In Appendix A we show that the error of a direct estimate is bounded by

-(a + p) + Tj < L v (t) - Ll' di ™\t) <((3 + p) +T)+(1- p)T. 

(Note that at this point our error bound is asymmetric. We later show how to come up with a symmetric guarantee in the style of Prop. 4.1.)



RBS estimates. An RBS estimate is obtained by comparing the logical clock values that various nodes recorded when some common event occurred; in our case, the common event is a broadcast by a shared neighbor. We use $\mathcal{H}_u$ to denote node $u$'s history, a set of triplets $(x, H, L)$ where $x$ is a unique event identifier and $H, L$ are node $u$'s hardware and logical clock values (respectively) when it observed the event. After recording an event, the node sends a report(u, x, L) message, which is propagated by other nodes until it reaches all other nodes that observed the same event. In our case, report(·) messages need to be re-broadcast only once, so that they reach the 2-neighborhood of the node that originated the report.

The accuracy of RBS depends on two factors. 

1. Receiver uncertainty: this is the time required for nodes to process the common event and record their logical clock value. The receiver uncertainty is bounded by $u_{rcv}$ if whenever an event $x$ occurs at real time $t$, there is some $L \in [L_u(t), L_u(t + u_{rcv})]$ such that for all $t' > t + u_{rcv}$ we have $(x, L) \in \mathcal{H}_u(t')$.

2. Propagation delay: report(·) messages are subject to the usual message delay. This contributes to the inaccuracy of the estimate, because while the report is propagated the clocks may continue to drift apart.

We say that the propagation delay is bounded by $\mathcal{P}$ if whenever a node $u$ experiences an event $x$ at real time $t$, every node $v \in N^2(u)$ receives a report(u, x, L) message no later than time $t + \mathcal{P}$.

In our case, because report (•) messages need to be re-broadcast only once, the propagation 

delay is bounded by V < u rcv + 2 (^r| + a ft er observing the event, node u waits at 

most time units and then broadcasts the message, which takes at most T time units to 
arrive; its neighbors do the same. 






When node $u$ receives a report(v, x, L) message at time $t$, it looks up the corresponding triplet $(x, H', L')$ recorded in its own history. It uses $H_u - H'$ to estimate the time that has passed since $x$ occurred, and sets

$$L_u^{v,\mathrm{rbs}} \leftarrow L + H_u - H'.$$

Every broadcast by a node is an event that its neighbors can use to get estimates of each others' logical clock values.

In Appendix A we show that RBS estimates are accurate up to the following bound.

-(a + p) (j^ +Vj-(1- a)u TCV < L v (t) - L^ rbs (t) < 

< (P + p) + n + C 1 - /°Kcv 

Combining multiple estimates. As we have seen, each node may have multiple ways of estimating the clock values of its neighbors in $G^{est}$. Let $L_u^{v,1}, \ldots, L_u^{v,m}$ be the various estimates that $u$ has for $v$'s logical clock value, and let $\epsilon_{low}^1, \ldots, \epsilon_{low}^m$ and $\epsilon_{high}^1, \ldots, \epsilon_{high}^m$ be error bounds such that for all $i \in \{1, \ldots, m\}$ and time $t$,

$$-\epsilon_{low}^i < L_v(t) - L_u^{v,i}(t) < \epsilon_{high}^i.$$

Node $u$ computes a combined estimate with symmetric error, given by

$$L_u^v(t) := \frac{\min_i \left(L_u^{v,i}(t) + \epsilon_{high}^i\right) + \max_i \left(L_u^{v,i}(t) - \epsilon_{low}^i\right)}{2}. \tag{2}$$

The uncertainty of the combined estimate is bounded by

$$\min_i \left\{ \frac{\epsilon_{low}^i + \epsilon_{high}^i}{2} \right\}.$$
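
The update rules and the combination step of this section, as an added Python example (not code from the paper): it keeps a direct and an RBS estimate for a neighbour, advances them with the local hardware clock, and returns the midpoint and half-width of the intersection of the intervals that each estimate's error bounds allow for $L_v$. The class name, the error-bound values and the message timings are constructed for illustration, and advancing RBS estimates between reports is an assumption of this sketch.

```python
from dataclasses import dataclass, field

METHODS = ("direct", "rbs")


@dataclass
class EstimateLayer:
    """Estimate-layer state kept by one node u (hypothetical class name)."""
    # Per-method error bounds (eps_low, eps_high), meaning
    # -eps_low <= L_v - estimate <= eps_high. Constructed inputs here.
    bounds: dict
    history: dict = field(default_factory=dict)   # event id x -> (H', L')
    latest: dict = field(default_factory=dict)    # (v, method) -> (value, H_u then)

    def observe(self, x, H_u, L_u):
        """Record the triplet (x, H, L) for a reference broadcast u overheard."""
        self.history[x] = (H_u, L_u)

    def on_receive(self, v, L, H_u):
        """Direct estimate: v broadcast its logical clock value L."""
        self.latest[(v, "direct")] = (L, H_u)

    def on_report(self, v, x, L, H_u):
        """RBS estimate: v reports that it read L when event x occurred."""
        if x not in self.history:
            return False          # u never observed x, so the report is unusable
        H_prime, _ = self.history[x]
        self.latest[(v, "rbs")] = (L + H_u - H_prime, H_u)
        return True

    def intervals(self, v, H_u):
        """Intervals [value - eps_low, value + eps_high] that must contain L_v."""
        out = []
        for method in METHODS:
            if (v, method) in self.latest:
                value, H_then = self.latest[(v, method)]
                # Advance at the rate of u's hardware clock. The text states this
                # for direct estimates; doing it for RBS too is an assumption.
                value += H_u - H_then
                eps_low, eps_high = self.bounds[method]
                out.append((value - eps_low, value + eps_high))
        return out

    def combined(self, v, H_u):
        """Return (estimate, uncertainty): midpoint and half-width of the
        intersection of all intervals."""
        ivs = self.intervals(v, H_u)
        if not ivs:
            raise LookupError(f"no estimate for {v!r}")
        lower = max(lo for lo, _ in ivs)
        upper = min(hi for _, hi in ivs)
        if lower > upper:
            # Can only happen if some estimate violated its stated error bound.
            raise ValueError("intervals do not intersect")
        return (upper + lower) / 2, (upper - lower) / 2


def demo():
    """Constructed scenario: u holds one direct and one RBS estimate for v."""
    layer = EstimateLayer(bounds={"direct": (0.1, 0.3), "rbs": (0.15, 0.15)})
    layer.observe(x=7, H_u=50.0, L_u=500.0)        # u hears reference broadcast 7
    layer.on_receive("v", L=500.2, H_u=50.1)       # v's own broadcast arrives
    layer.on_report("v", x=7, L=500.3, H_u=50.4)   # v's report for event 7
    return layer.combined("v", H_u=51.0)
```

In the constructed scenario the combined uncertainty is smaller than that of either estimate alone, because the two intervals only partly overlap.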

5 An Optimal Gradient Clock-Synchronization Algorithm 

In this section we modify the algorithm of [12] to work on top of the estimation layer presented in the previous section. To satisfy Requirement 3.2 the algorithm increases the logical clock in a continuous manner, with no discrete jumps. At each point during the execution a node is either in fast mode or in slow mode. In slow mode, $u$ increases its logical clock at a rate of $\frac{d}{dt}H_u(t)$; in fast mode, the logical clock rate is $(1 + \mu)\frac{d}{dt}H_u(t)$, where $\mu$ is a parameter.

Each node continually examines its estimates for the logical clock values of its neighbors in $G^{est}$. To compensate for the uncertainty on edge $e$ we use a parameter $\kappa_e$, which must satisfy the following.

Property 5.1 (Requirement on $\kappa_e$). For any edge $e \in E$ we require $\kappa_e > \frac{1}{\lambda} \cdot \epsilon_e$, where $\lambda < \frac{1}{4}$ is some constant.

If a node $u$ finds that it is too far behind, it goes into fast mode and uses the fast rate of $(1 + \mu)\frac{d}{dt}H_u(t)$. The following rule is used to determine when to go into fast mode; informally, it states that some neighbor is far ahead, and no neighbor is too far behind.

Definition 5.1 (Fast condition FC). At time $t$, a node $u \in V$ satisfies the fast condition, denoted FC, if there is some integer $s \in \mathbb{N}$ for which the following conditions are satisfied:

(FC1) $\exists v \in N(u) : L_u^v(t) - L_u(t) > (s - 1 - \lambda)\, \kappa_{\{u,v\}}$, and

(FC2) $\forall v \in N(u) : L_u(t) - L_u^v(t) < (s - 1 + \lambda)\, \kappa_{\{u,v\}}$.

Conversely, if a node is far behind some neighbor, and no other neighbor is too far ahead of it, 
it enters slow mode and uses the slow rate. The following rule is used to determine when to enter 
slow mode. 

Definition 5.2 (Slow condition SC). At time $t$, a node $u \in V$ satisfies the slow condition, denoted SC, if there is an integer $s \in \mathbb{N}^{>0}$ for which the following conditions are satisfied:

(SC1) $\exists v \in N(u) : L_u(t) - L_u^v(t) > (s - \frac{1}{2} - \lambda) \cdot \kappa_{\{u,v\}}$, and
(SC2) $\forall v \in N(u) : L_u^v(t) - L_u(t) < (s - \frac{1}{2} + \lambda) \cdot \kappa_{\{u,v\}}$.

To show that the algorithm is realizable, we show that the two conditions are disjoint.

Lemma 5.2. No node can satisfy SC and FC at the same time.

Proof. Suppose by way of contradiction that $u$ satisfies both SC and FC at time $t$. Then there is an integer $s \in \mathbb{N}^{>0}$ for which

(SC1) $\exists v \in N(u) : L_u(t) - L_u^v(t) > (s - \frac{1}{2} - \lambda) \cdot \kappa_{\{u,v\}}$, and
(SC2) $\forall v \in N(u) : L_u^v(t) - L_u(t) < (s - \frac{1}{2} + \lambda) \cdot \kappa_{\{u,v\}}$,

and there is another integer $s' \in \mathbb{N}^{>0}$ such that

(FC1') $\exists v \in N(u) : L_u^v(t) - L_u(t) > (s' - 1 - \lambda) \cdot \kappa_{\{u,v\}}$, and
(FC2') $\forall v \in N(u) : L_u(t) - L_u^v(t) < (s' - 1 + \lambda) \cdot \kappa_{\{u,v\}}$.

For the node $v$ whose existence is stipulated in condition (FC1'), we have

$$(s' - 1 - \lambda) \cdot \kappa_{\{u,v\}} \overset{\text{(FC1')}}{<} L_u^v(t) - L_u(t) \overset{\text{(SC2)}}{<} \left(s - \tfrac{1}{2} + \lambda\right) \cdot \kappa_{\{u,v\}},$$

which implies that $s' < s + \frac{1}{2} + 2\lambda$. However, from condition (SC1), there exists a node $v'$ for which

$$\left(s - \tfrac{1}{2} - \lambda\right) \cdot \kappa_{\{u,v'\}} \overset{\text{(SC1)}}{<} L_u(t) - L_u^{v'}(t) \overset{\text{(FC2')}}{<} (s' - 1 + \lambda) \cdot \kappa_{\{u,v'\}},$$

and hence $s' > s + \frac{1}{2} - 2\lambda$. Since $\lambda < \frac{1}{4}$, together we have $s < s' < s + 1$, which is impossible because $s$ and $s'$ are integers. □



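Figure 1: The automaton from Alg. 1. [Diagram with two states: slow mode, where $\frac{d}{dt}L_u = \frac{d}{dt}H_u$, and fast mode, where $\frac{d}{dt}L_u = (1 + \mu)\frac{d}{dt}H_u$. The transition from slow mode to fast mode is labelled FC and the transition from fast mode to slow mode is labelled SC.]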

A formal description of the algorithm, in the form of a timed I/O automaton (see [9]), is given in Alg. 1. The switching between the modes is depicted in Figure 1.
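
An added Python example (not the paper's code) that evaluates FC and SC for a node from its estimates, applies the mode switch of Alg. 1, and runs a two-node Euler simulation in which the trailing node catches up. It takes $s$ over the positive integers in both conditions, as in the proof of Lemma 5.2; the values of $\lambda$, $\mu$, $\kappa$, the step size, and the exact, drift-free estimates are constructed simplifications.

```python
import math

LAMBDA = 0.2   # constructed value; Property 5.1 needs lambda < 1/4


def _candidates(L_u, est, kappa):
    """Values of s >= 1 worth testing: FC1 and SC1 both fail for larger s."""
    worst = max(abs(est[v] - L_u) / kappa[v] for v in est)
    return range(1, math.ceil(worst) + 3)


def fast_condition(L_u, est, kappa, lam=LAMBDA):
    """Return an s witnessing FC at node u, or None if FC does not hold.

    est[v] is u's estimate of neighbour v's logical clock, kappa[v] the
    parameter of edge {u, v}.
    """
    if not est:
        return None
    for s in _candidates(L_u, est, kappa):
        fc1 = any(est[v] - L_u > (s - 1 - lam) * kappa[v] for v in est)
        fc2 = all(L_u - est[v] < (s - 1 + lam) * kappa[v] for v in est)
        if fc1 and fc2:
            return s
    return None


def slow_condition(L_u, est, kappa, lam=LAMBDA):
    """Return an s witnessing SC at node u, or None if SC does not hold."""
    if not est:
        return None
    for s in _candidates(L_u, est, kappa):
        sc1 = any(L_u - est[v] > (s - 0.5 - lam) * kappa[v] for v in est)
        sc2 = all(est[v] - L_u < (s - 0.5 + lam) * kappa[v] for v in est)
        if sc1 and sc2:
            return s
    return None


def next_mode(mode, fc, sc):
    """Mode switch of Alg. 1: enter_fast_mode needs FC, enter_slow_mode needs SC."""
    if mode == "slow" and fc is not None:
        return "fast"
    if mode == "fast" and sc is not None:
        return "slow"
    return mode


def simulate(L, kappa_edges, mu=0.5, dt=0.01, steps=1000):
    """Euler simulation of the logical clocks; returns (clocks, modes).

    Constructed simplifications: every hardware clock runs at rate 1 and
    every estimate equals the neighbour's true logical clock.
    """
    L = dict(L)
    mode = {u: "slow" for u in L}
    nbrs = {u: {} for u in L}
    for (u, v), k in kappa_edges.items():
        nbrs[u][v] = k
        nbrs[v][u] = k
    for _ in range(steps):
        for u in L:
            est = {v: L[v] for v in nbrs[u]}
            fc = fast_condition(L[u], est, nbrs[u])
            sc = slow_condition(L[u], est, nbrs[u])
            mode[u] = next_mode(mode[u], fc, sc)
        for u in L:
            rate = 1.0 + mu if mode[u] == "fast" else 1.0
            L[u] += rate * dt
    return L, mode


if __name__ == "__main__":
    clocks, modes = simulate({"a": 0.0, "b": 3.0}, {("a", "b"): 1.0})
    print(clocks["b"] - clocks["a"], modes)
```

With these constructed values the initial skew of 3 shrinks until it drops below $\lambda \kappa$, at which point the leading node also satisfies FC and both nodes run in fast mode.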



6 Analysis 

We define a parameter $\sigma > 2$, which serves as the base for the logarithm in the gradient skew bound. The correctness of the algorithm relies on the following assumption, which (informally) states that $\mu$ is large enough to allow nodes that are behind to catch up.

Property 6.1 (Requirement on $\mu$). We require

li > 4*-?—. (3) 
1-p 
automaton ClockSync
  signature
    internal enter_fast_mode, enter_slow_mode

  variables
    H_u : Real := 0
    L_u : Real := 0
    L_u^v : Real := 0, for each v ∈ N(u)
    mult_u : discrete Real := 1
    mode_u : Boolean := slow

  transitions
    internal enter_fast_mode
      precondition:
        FC
      effect:
        mode_u := fast
        mult := 1 + μ

    internal enter_slow_mode
      precondition:
        SC
      effect:
        mode_u := slow
        mult := 1

  trajectories
    stop when
      (SC holds and mode_u = fast) or (FC holds and mode_u = slow)
    evolve
      1 - ρ < d/dt H_u < 1 + ρ
      d/dt L_u = mult_u · d/dt H_u

Algorithm 1: A TIOA formulation for the algorithm from Section 5
Let $\mathcal{P}$ denote the set of all paths in the graph $G^{est}$ (including non-simple paths), and let $\mathcal{P}(v) \subseteq \mathcal{P}$ denote the set of paths that start at node $v$. Given a path $P = v_0, \ldots, v_k \in \mathcal{P}$, we denote $\kappa_P := \sum_{i=0}^{k-1} \kappa_{\{v_i, v_{i+1}\}}$. Given two nodes $u, v \in V$, the distance between $u$ and $v$ is defined by

$$\mathrm{dist}(u, v) := \min_{P = u, \ldots, v} \kappa_P, \tag{4}$$

and the diameter of the graph $G^{est}$ is defined by

$$\mathcal{D} := \max_{u,v} \mathrm{dist}(u, v). \tag{5}$$

We show that the following invariant, which we denote C, is maintained throughout any execution of the algorithm.

Definition 6.1 (Legal State). We say that the network is in a legal state at time $t$ if and only if for all $s \in \mathbb{N}^{>0}$ and all paths $P = v_0, \ldots, v_k$, if

$$\kappa_P(t) > C_s := \frac{2\mathcal{D}}{\sigma^s},$$

then

$$L_{v_k}(t) - L_{v_0}(t) < s \cdot \kappa_P.$$

In particular, if the network is legal at time $t$, then for every two nodes $u, v$ and integer $s > 1$ such that $\mathrm{dist}(u, v) > C_s$, we have $L_u(t) - L_v(t) < s \cdot \mathrm{dist}(u, v)$.
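
An added Python example (not from the paper) that builds an estimate graph with RBS edges between nodes at distance 2, computes dist and the diameter by shortest paths, and checks the pairwise consequence of the legal state stated above, with $s$ ranging over the positive integers as in Definition 6.1. The $\kappa$ values, $\sigma = 3$ and the clock readings are constructed, and the graph is assumed connected.

```python
import heapq
import itertools
import math


def estimate_graph(adj, kappa_direct, kappa_rbs, rbs=True):
    """Return {frozenset({u, v}): kappa} for the estimate graph built from G.

    adj maps each node of G to the set of its neighbours. Direct edges copy
    G; with rbs=True, nodes at distance exactly 2 in G also get an edge.
    """
    edges = {}
    for u in adj:
        for v in adj[u]:
            edges[frozenset((u, v))] = kappa_direct
    if rbs:
        for w in adj:                       # w is the shared broadcaster
            for u, v in itertools.combinations(sorted(adj[w]), 2):
                if v not in adj[u]:
                    edges[frozenset((u, v))] = kappa_rbs
    return edges


def distances(nodes, edges):
    """All-pairs dist(u, v): minimum kappa_P over paths, via Dijkstra."""
    nbrs = {u: [] for u in nodes}
    for e, k in edges.items():
        u, v = tuple(e)
        nbrs[u].append((v, k))
        nbrs[v].append((u, k))
    dist = {}
    for src in nodes:
        best = {src: 0.0}
        heap = [(0.0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if d > best[u]:
                continue
            for v, k in nbrs[u]:
                if d + k < best.get(v, math.inf):
                    best[v] = d + k
                    heapq.heappush(heap, (d + k, v))
        dist[src] = best
    return dist


def diameter(dist):
    """Largest dist(u, v) over all pairs."""
    return max(d for row in dist.values() for d in row.values())


def skew_violations(L, dist, sigma=3.0):
    """Ordered pairs (u, v, s) with dist(u, v) > C_s but
    L_u - L_v not below s * dist(u, v), where C_s = 2 * diameter / sigma**s.

    Only the smallest such s is tested per pair, since the bound s * dist
    grows with s.
    """
    D = diameter(dist)
    out = []
    for u in L:
        for v in L:
            if u == v:
                continue
            d = dist[u][v]
            s = 1
            while d <= 2 * D / sigma ** s:
                s += 1
            if not (L[u] - L[v] < s * d):
                out.append((u, v, s))
    return out


# Constructed network: a path 0-1-2-3-4.
PATH = {0: {1}, 1: {0, 2}, 2: {1, 3}, 3: {2, 4}, 4: {3}}


def demo():
    """Return (diameter without RBS edges, diameter with RBS edges)."""
    plain = distances(PATH, estimate_graph(PATH, 1.0, 0.25, rbs=False))
    with_rbs = distances(PATH, estimate_graph(PATH, 1.0, 0.25))
    return diameter(plain), diameter(with_rbs)
```

On the constructed path the RBS edges cut the diameter of the estimate graph from 4.0 to 1.25, while adjacent nodes stay at distance 1.0 because their direct edge is the only short route between them.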

To show that the network is always in the safety region defined by the legal state condition, we 
show that whenever some path comes close to having illegal skew, the algorithm acts to decrease 
the skew, pulling the system back into the safety region. 

We cannot guarantee that a node will always "realize" when it is on a path that has too much 
skew: each node only has knowledge of its local neighborhood, and this local image may not reflect 
a large skew further down the path. We can, however, show that when the skew is close to being 
illegal, the nodes that are "the most behind" or "the most ahead" (in the sense defined formally 
below) do realize that they must act to correct the skew. We will show that such nodes enter fast or 
slow mode as appropriate. 

Since we can only argue about nodes that, roughly speaking, maximize some notion of weighted 
skew (defined below), we will employ the following technical lemma several times. 

Lemma 6.2. Let $g_1, \ldots, g_n : \mathbb{R}^{\ge 0} \to \mathbb{R}^{\ge 0}$ be differentiable functions, and let $[a, b]$ be an interval such that for all $i \in \{1, \ldots, n\}$ and $x \in (a, b)$, if $g_i(x) = \max_j g_j(x)$ then $\frac{d}{dx} g_i(x) < r$. Then for all $x \in [a, b]$, $\max_i g_i(x) < \max_i g_i(a) + r \cdot (x - a)$.

We define two different notions of "weighted skew": one captures how much a node $v_0$ is ahead of any other node, and the other captures how far behind it is. The weights in both cases are proportional to the uncertainty on the path, but use different constants. These notions correspond exactly to the fast and slow conditions, respectively.
Definition 6.2. Given an integer $s \in \mathbb{N}$, a time $t$, and a path $P = v_0, \ldots, v_k \in \mathcal{P}$, we define

$$\Xi^s_P(t) := L_{v_0}(t) - L_{v_k}(t) - (s - 1) \cdot \kappa_P, \quad \text{and} \quad \Xi^s_{v_0}(t) := \max_{P \in \mathcal{P}(v_0)} \Xi^s_P(t).$$

Definition 6.3. Given an integer $s \in \mathbb{N}$, a time $t$, and a path $P = v_0, \ldots, v_k \in \mathcal{P}$, we define

$$\Psi^s_P(t) := L_{v_k}(t) - L_{v_0}(t) - \left(s - \tfrac{1}{2}\right) \cdot \kappa_P, \quad \text{and} \quad \Psi^s_{v_0}(t) := \max_{P \in \mathcal{P}(v_0)} \Psi^s_P(t).$$

These definitions induce "inner safety regions" $\Xi^s := [\max_v \Xi^s_v < 0]$ and $\Psi^s := [\max_v \Psi^s_v < 0]$ for any $s \in \mathbb{N}^{>0}$, with $\Xi^s \subseteq \Psi^s \subseteq$ C (see Fig. 2).




Figure 2: Regions $\Xi^s$, $\Psi^s$ and C. Arrows illustrate the possible dynamics acting on the weighted skew in each region. [Labels in the figure: outside $\Psi^s$, trailing nodes are in fast mode and leading nodes are in slow mode; outside $\Xi^s$, trailing nodes are in fast mode.]

The next lemma can be thought of as bounding how far the system can stray outside the boundary of $\Xi^s$ and $\Psi^s$ while still being in a legal state.

Lemma 6.3. If the network is in a legal state at time $t$, then for all nodes $u \in V$ and integers $s > 1$
we have E s u (t) < < C a - X . 

Proof. It is sufficient to show that for all paths $P = u, \ldots, v$ and for all $s > 1$,

$$L_u(t) - L_v(t) - (s - 1) \cdot \kappa_P < C_{s-1}. \tag{6}$$

Let $r > 1$ be the minimal integer such that $\mathrm{dist}(u, v) > C_r$. (Note that $\mathrm{dist}(u, v) < \mathcal{D} < C_0$, and therefore $r$ is well-defined.) Because the system is in a legal state at time $t$, we have

$$L_u(t) - L_v(t) < r \cdot \mathrm{dist}(u, v) < r \cdot \kappa_P,$$

which can be re-written as

$$L_u(t) - L_v(t) - (s - 1) \cdot \kappa_P < (r - s + 1) \cdot \kappa_P.$$

It is therefore sufficient to show that

$$(r - s + 1) \cdot \kappa_P < C_{s-1}. \tag{7}$$

If $r < s$, the left-hand side of (7) is at most 0. Since $C_{s-1} > 0$, (7) holds in this case. Otherwise, if $r > s$, then by choice of $r$ we have $\kappa_P < C_{r-1}$, and therefore,

$$(r - s + 1) \cdot \kappa_P < (r - s + 1) \cdot C_{r-1} = \frac{r - s + 1}{\sigma^{r-s}} \cdot C_{s-1} < C_{s-1}.$$

The last inequality holds because $x + 1 < 2^x$ for all $x \in \mathbb{N}$ and $\sigma > 2$. This shows that (7) holds in this case as well. □

Next we show that while the system is outside the region $\Xi^s$, nodes that are "the most behind" (maximize $\Xi$ with respect to some other node) will be acting to catch up, and while the system is outside the region $\Psi^s$, nodes that are "the most ahead" (maximize $\Psi$ with respect to some other node) will be held back from moving too quickly.

Lemma 6.4. Given $s \in \mathbb{N}$, a node $v_0 \in V$, and a time $t$, let $P = v_0, \ldots, v_k \in \mathcal{P}(v_0)$ be a path starting at $v_0$ for which $\Xi^s_P(t) = \Xi^s_{v_0}(t)$. If $\Xi^s_{v_0}(t) > 0$, then $v_k$ is in fast mode.

Lemma 6.5. Given $s \in \mathbb{N}$, a node $v_0 \in V$, and a time $t$, let $P = v_0, \ldots, v_k \in \mathcal{P}(v_0)(t)$ be a path starting at $v_0$ for which $\Psi^s_P(t) = \Psi^s_{v_0}(t)$. If $\Psi^s_{v_0}(t) > 0$, then $v_k$ is in slow mode.

The proofs of the two lemmas are very similar. 

Proof of Lemma 6.4. We set out to show that $v_k$ satisfies FC.

Consider any path $P' = v_0, \ldots, v \in \mathcal{P}(v_0)$ that ends at a neighbor $v$ of $v_k$. Since $\Xi^s_P(t) = \Xi^s_{v_0}(t) = \max_{Q \in \mathcal{P}(v_0)} \Xi^s_Q(t)$, we have $\Xi^s_{P'}(t) < \Xi^s_P(t)$; that is,

$$L_{v_0}(t) - L_v(t) - (s - 1) \cdot \kappa_{P'} < L_{v_0}(t) - L_{v_k}(t) - (s - 1) \cdot \kappa_P.$$

Re-arranging yields $L_v(t) - L_{v_k}(t) > (s - 1) \cdot (\kappa_P - \kappa_{P'})$, and applying Property 4.1 we obtain

$$L^v_{v_k}(t) - L_{v_k}(t) > L_v(t) - \epsilon_{\{v,v_k\}} - L_{v_k}(t) > (s - 1) \cdot (\kappa_P - \kappa_{P'}) - \epsilon_{\{v,v_k\}}. \tag{8}$$

To show (FC1) is satisfied, let $P'$ be the subpath $v_0, \ldots, v_{k-1}$ of $P$, where $v_{k-1} \in N(v_k)$. Note that since $\Xi^s_P(t) > 0$ it must be that $k > 0$, and thus $v_{k-1}$ is well-defined. For this choice of $P'$, (8) yields

$$L^{v_{k-1}}_{v_k}(t) - L_{v_k}(t) > (s - 1) \cdot (\kappa_P - \kappa_{P'}) - \epsilon_{\{v_{k-1},v_k\}} = (s - 1) \cdot \kappa_{\{v_{k-1},v_k\}} - \epsilon_{\{v_{k-1},v_k\}} \overset{\text{(Prop. 5.1)}}{>} (s - 1 - \lambda)\, \kappa_{\{v_{k-1},v_k\}}.$$

This shows that (FC1) is satisfied. To show that (FC2) holds, let $v \in N(v_k)$ be any neighbor of $v_k$, and let $P' = v_0, \ldots, v_k, v$ be the path obtained by appending $v$ to the path $P$. In this case (8) yields

$$L_{v_k}(t) - L^v_{v_k}(t) < (s - 1) \cdot (\kappa_{P'} - \kappa_P) + \epsilon_{\{v,v_k\}} = (s - 1) \cdot \kappa_{\{v,v_k\}} + \epsilon_{\{v,v_k\}} \overset{\text{(Prop. 5.1)}}{<} (s - 1 + \lambda) \cdot \kappa_{\{v,v_k\}}.$$

Hence, the second condition is satisfied as well, and node $v_k$ is in fast mode. □



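Proof of Lemma 6.5. We set out to show that $v_k$ satisfies SC.

Consider any path $P' = v_0, \ldots, v \in \mathcal{P}(v_0)$ that ends at a neighbor $v$ of $v_k$. As before, since $\Psi^s_P(t) = \Psi^s_{v_0}(t) = \max_{Q \in \mathcal{P}(v_0)} \Psi^s_Q(t)$ we can write

$$L_v(t) - L_{v_0}(t) - \left(s - \tfrac{1}{2}\right) \cdot \kappa_{P'} < L_{v_k}(t) - L_{v_0}(t) - \left(s - \tfrac{1}{2}\right) \cdot \kappa_P, \tag{9}$$

and again applying Property 4.1 we obtain

$$L^v_{v_k}(t) - L_{v_k}(t) < L_v(t) + \epsilon_{\{v,v_k\}} - L_{v_k}(t) < \left(s - \tfrac{1}{2}\right) \cdot (\kappa_{P'} - \kappa_P) + \epsilon_{\{v,v_k\}}. \tag{10}$$

For (SC1), consider the subpath $P' = v_0, \ldots, v_{k-1}$ of $P$, where $v_{k-1} \in N(v_k)$. Inequality (10) yields

$$L_{v_k}(t) - L^{v_{k-1}}_{v_k}(t) > \left(s - \tfrac{1}{2}\right) \cdot (\kappa_P - \kappa_{P'}) - \epsilon_{\{v_{k-1},v_k\}} = \left(s - \tfrac{1}{2}\right) \cdot \kappa_{\{v_{k-1},v_k\}} - \epsilon_{\{v_{k-1},v_k\}} \overset{\text{(Prop. 5.1)}}{>} \left(s - \tfrac{1}{2} - \lambda\right) \cdot \kappa_{\{v_{k-1},v_k\}},$$

and so (SC1) is satisfied. For (SC2), let $v \in N(v_k)$ be any neighbor of $v_k$ and let $P' = v_0, \ldots, v_k, v$ be the path obtained by appending $v$ to $P$. Inequality (10) now gives

$$L^v_{v_k}(t) - L_{v_k}(t) < \left(s - \tfrac{1}{2}\right) \cdot (\kappa_{P'} - \kappa_P) + \epsilon_{\{v,v_k\}} = \left(s - \tfrac{1}{2}\right) \cdot \kappa_{\{v,v_k\}} + \epsilon_{\{v,v_k\}} \overset{\text{(Prop. 5.1)}}{<} \left(s - \tfrac{1}{2} + \lambda\right) \cdot \kappa_{\{v,v_k\}},$$

which shows that (SC2) is satisfied as well. □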
Suppose that at time $t$, node $v$ has $\Xi^s_v(t) > 0$. From Lemma 6.4, all the nodes that maximize $\Xi^s_v$ are in fast mode, trying to catch up to $v$, and their logical clock rate is at least $(1 - \rho)(1 + \mu)$. Thus, whenever it is positive, $\Xi^s_v$ decreases at an average rate of at least $(1 - \rho)(1 + \mu)$, minus the rate by which $v$ increases its own logical clock. To formalize this observation, define

$$I_v(t_1, t_2) := L_v(t_2) - L_v(t_1) \tag{11}$$

to be the amount by which $v$ increases its logical clock over the time interval $[t_1, t_2]$. Since $\frac{d}{dt}L_v(t) > \frac{d}{dt}H_v(t) > 1 - \rho$ we have the following property.

Property 6.6. For all nodes $v$ and times $t_1, t_2$ we have $I_v(t_1, t_2) > (1 - \rho)(t_2 - t_1)$.

Now we can state the following lemma.

Lemma 6.7 (Catch-Up Lemma). Let $v_0$ be a node and let $[t_0, t_1]$ be a time interval such that for all $t \in (t_0, t_1)$ we have $\Xi^s_{v_0}(t) > 0$. Then for all $t \in [t_0, t_1]$,

$$\Xi^s_{v_0}(t) < \Xi^s_{v_0}(t_0) + I_{v_0}(t_0, t) - (1 - \rho)(1 + \mu)(t - t_0). \tag{12}$$

Similarly, whenever $\Psi^s_v(t) > 0$, the nodes that maximize $\Psi^s_v$ are in slow mode, and their logical clocks increase at a rate of at most $1 + \rho$. Thus, whenever it is positive, $\Psi^s_v(t)$ increases at an average rate of at most $1 + \rho$, again minus $v$'s increase to its own logical clock. This is captured by the following lemma.

Lemma 6.8 (Waiting Lemma). Let $v_0$ be a node and let $[t_0, t_1]$ be a time interval such that for all $t \in (t_0, t_1)$ we have $\Psi^s_{v_0}(t) > 0$. Then for all $t \in [t_0, t_1]$,

$$\Psi^s_{v_0}(t) < \Psi^s_{v_0}(t_0) - I_{v_0}(t_0, t) + (1 + \rho)(t - t_0). \tag{13}$$



The proofs of Lemmas 6.7 and 6.8 involve a straightforward application of Lemma 6.2.



Proof of Lemma 6.7. Consider the set of functions $\{g_P\}_{P \in \mathcal{P}(v_0)}$ defined by $g_P(t) := \Xi^s_P(t) - I_{v_0}(t_0, t)$. Observe that for all $t$,

$$\max_{P \in \mathcal{P}(v_0)} g_P(t) = \max_P \left(\Xi^s_P(t) - I_{v_0}(t_0, t)\right) = \left(\max_P \Xi^s_P(t)\right) - I_{v_0}(t_0, t) = \Xi^s_{v_0}(t) - I_{v_0}(t_0, t). \tag{14}$$

In addition, $I_{v_0}(t_0, t_0) = 0$. Therefore (12) can be re-written as

$$\max_{P \in \mathcal{P}(v_0)} g_P(t) \overset{?}{<} \max_{P \in \mathcal{P}(v_0)} g_P(t_0) - (1 - \rho)(1 + \mu)(t - t_0). \tag{15}$$

Next, substituting the definition for $\Xi^s_P(t)$ and $I_{v_0}(t_0, t)$ we obtain

$$g_P(t) = L_{v_0}(t) - L_{v_k}(t) - (s - 1) \cdot \kappa_P - L_{v_0}(t) + L_{v_0}(t_0) = -L_{v_k}(t) - (s - 1) \cdot \kappa_P + L_{v_0}(t_0),$$

and therefore,

$$\frac{d}{dt} g_P(t) = -\frac{d}{dt} L_{v_k}(t). \tag{16}$$

If $P$ is a path such that $g_P(t) = \max_Q g_Q(t)$, then $P$ also has $\Xi^s_P(t) = \Xi^s_{v_0}(t)$. Since $\Xi^s_{v_0}(t) > 0$ for any $t \in (t_0, t_1)$, we can apply Lemma 6.4 to obtain that whenever $g_P(t) = \max_Q g_Q(t)$ where $P = v_0, \ldots, v_k$, node $v_k$ is in fast mode and $\frac{d}{dt}L_{v_k}(t) = (1 + \mu)\frac{d}{dt}H_{v_k}(t) > (1 - \rho)(1 + \mu)$. This is sufficient to apply Lemma 6.2 to the interval $[t_0, t]$, which yields (15). □

Proof of Lemma 6.8. Consider the set of functions $\{g_P\}_{P \in \mathcal{P}(v_0)}$ defined by $g_P(t) := \Psi^s_P(t) + I_{v_0}(t_0, t)$. Observe that for all $t$,

$$\max_{P \in \mathcal{P}(v_0)} g_P(t) = \max_P \left(\Psi^s_P(t) + I_{v_0}(t_0, t)\right) = \left(\max_P \Psi^s_P(t)\right) + I_{v_0}(t_0, t) = \Psi^s_{v_0}(t) + I_{v_0}(t_0, t). \tag{17}$$

In addition, $I_{v_0}(t_0, t_0) = 0$. Therefore (13) can be re-written as

$$\max_{P \in \mathcal{P}(v_0)} g_P(t) < \max_{P \in \mathcal{P}(v_0)} g_P(t_0) + (1 + \rho)(t - t_0). \tag{18}$$

Next, substituting the definitions for $\Psi^s_P(t)$ and $I_{v_0}(t_0, t)$ we obtain

$$g_P(t) = L_{v_k}(t) - L_{v_0}(t) - \left(s - \tfrac{1}{2}\right) \cdot \kappa_P + L_{v_0}(t) - L_{v_0}(t_0) = L_{v_k}(t) - \left(s - \tfrac{1}{2}\right) \cdot \kappa_P - L_{v_0}(t_0),$$

and therefore,

$$\frac{d}{dt} g_P(t) = \frac{d}{dt} L_{v_k}(t). \tag{19}$$

If $P$ is a path such that $g_P(t) = \max_Q g_Q(t)$, then $P$ also has $\Psi^s_P(t) = \Psi^s_{v_0}(t)$. Since $\Psi^s_{v_0}(t) > 0$ for any $t \in (t_0, t_1)$, we can apply Lemma 6.5 to obtain that whenever $g_P(t) = \max_Q g_Q(t)$ where $P = v_0, \ldots, v_k$, node $v_k$ is in slow mode and $\frac{d}{dt}L_{v_k}(t) = \frac{d}{dt}H_{v_k}(t) < 1 + \rho$. This is sufficient to apply Lemma 6.2, which yields (18). □

Intuitively, until now we argued that if $v_0$ is too far ahead of other nodes then those nodes will be in fast mode, and if $v_0$ is too far behind other nodes then those nodes will be in slow mode. What does $v_0$ itself do when it is too far behind? Observe that if there is some path $P = v_0, \ldots, v_k$ such that $\Psi^s_P(t) > 0$, then for the inverted path $P' = v_k, \ldots, v_0$ we have $\Xi^s_{P'}(t) > \Psi^s_P(t) > 0$. Thus, informally speaking, whenever $v_0$ is too far behind some other node it will be "pulled forward" at the fast rate. The next lemma quantifies how much ground $v_0$ makes up during an interval in which it is far behind: it states that given sufficient time, the node makes up all the initial weighted skew in addition to its minimal rate of progress $(1 - \rho)$.

Lemma 6.9. For any node $v_0$, integer $s \in \mathbb{N}^{>0}$ and time interval $[t_0, t_1]$ where $t_1 > t_0 + \frac{C_{s-1}}{(1 - \rho)\mu}$, if the network is in a legal state at time $t_0$, then

$$I_{v_0}(t_0, t_1) > \Psi^s_{v_0}(t_0) + (1 - \rho)(t_1 - t_0).$$



Proof. If $\Psi^s_{v_0}(t_0) \le 0$, the claim follows immediately from Property 6.6. Thus, assume that $\Psi^s_{v_0}(t_0) > 0$, and let $P = v_0, \ldots, v_k$ be a path such that $\Psi^s_P(t_0) = \Psi^s_{v_0}(t_0)$. From the definitions of $\Psi$ and $\Xi$, for the inverted path $P' = v_k, \ldots, v_0$ we have $\Xi^s_{P'}(t_0) \ge \Psi^s_P(t_0)$, and therefore, $\Xi^s_{v_k}(t_0) \ge \Xi^s_{P'}(t_0) > 0$. If there is a time $t \in [t_0, t_1]$ such that $\Xi^s_{v_k}(t) \le 0$, let $\bar{t}$ be the infimum of such times. Otherwise, let $\bar{t} = t_1$. Observe that

$$\begin{aligned}
I_{v_0}(t_0, \bar{t}) &= L_{v_0}(\bar{t}) - L_{v_0}(t_0) \\
&= \left( L_{v_k}(t_0) - L_{v_0}(t_0) - (s-1)\kappa_P \right) - \left( L_{v_k}(\bar{t}) - L_{v_0}(\bar{t}) - (s-1)\kappa_P \right) + L_{v_k}(\bar{t}) - L_{v_k}(t_0) \\
&= \Xi^s_{P'}(t_0) - \Xi^s_{P'}(\bar{t}) + I_{v_k}(t_0, \bar{t}) \\
&\ge \Psi^s_P(t_0) - \Xi^s_{v_k}(\bar{t}) + I_{v_k}(t_0, \bar{t}) \\
&= \Psi^s_{v_0}(t_0) - \Xi^s_{v_k}(\bar{t}) + I_{v_k}(t_0, \bar{t}).
\end{aligned}$$

Since $\bar{t} \le t_1$ and $I_{v_0}(t_0, \cdot)$ is non-decreasing and interval-additive, to prove the claim it is sufficient to show that $I_{v_k}(t_0, \bar{t}) \ge \Xi^s_{v_k}(\bar{t}) + (1 - \rho)(\bar{t} - t_0)$.

Consider first the case where $\bar{t} < t_1$. In this case $\bar{t}$ is the infimum of times $t$ where $\Xi^s_{v_k}(t) \le 0$. Since $\Xi^s_{v_k}(\cdot)$ is continuous, it follows that $\Xi^s_{v_k}(\bar{t}) = 0$, and using Property 6.6 we obtain $I_{v_k}(t_0, \bar{t}) \ge \Xi^s_{v_k}(\bar{t}) + (1 - \rho)(\bar{t} - t_0)$.

Otherwise, if $\bar{t} = t_1$, then for all $t \in [t_0, t_1)$ we have $\Xi^s_{v_k}(t) > 0$. Applying Lemma 6.7 to the interval $[t_0, t_1]$ we obtain



l s Vk (h) <5^(t )+^ fe (io,ii)-(l-p)(l + M)(ii-io) < 

Lemma lOl Cs—1 

< C s _ x +T Vk (t ,h) - (1 -p)n- ^ ) ~ 
= X„ fe (*o,*i) - (1 -*o), 



which yields the desired result. □ 

Now we are ready to put all the pieces together and prove the main theorem: 
Theorem 6.10. The network is always in a legal state. 

Proof. Suppose for the sake of contradiction that this is not the case, and let $\bar{t}$ be the infimum of times when the legal state condition is violated. Then there is some path $P = v_0, \ldots, v_k$ and some $s \ge 1$ such that $\kappa_P \ge C_s$ but

$$L_{v_0}(\bar{t}) - L_{v_k}(\bar{t}) \ge s \cdot \kappa_P. \tag{20}$$



For the legal state condition to be violated, the system must be far outside the boundary of $\Psi^s$:

/ 1\ dD 1 1 1 

K k (t) > L vo (t) - L Vk {i) -ls-~)-K P > -kp > -C s = — Cs-x. (21) 

However, Lemma 6.8 tells us that whenever $\Psi^s_{v_k}$ is large it cannot increase quickly, which gives $v_k$ time to catch up. More specifically, if $t_0$ is the supremum of times $t \le \bar{t}$ such that $\Psi^s_{v_k}(t) \le 0$, then Lemma 6.8 shows that

$$\Psi^s_{v_k}(\bar{t}) \le \Psi^s_{v_k}(t_0) - I_{v_k}(t_0, \bar{t}) + (1 + \rho)(\bar{t} - t_0) \overset{\text{(Prop. 6.6)}}{\le} 2\rho(\bar{t} - t_0), \tag{22}$$



and combining ((2TJ) and (1221) we see that to < t — < t — r^tph ■ According to Lemma [6791 





this is sufficient time for $v_k$ to increase its clock by

$$I_{v_k}(t_0, \bar{t}) \ge \Psi^s_{v_k}(t_0) + (1 - \rho)(\bar{t} - t_0), \tag{23}$$

which we combine with the first inequality of (22) to obtain



\l-p)p < 2a' 



*S fc (t) < *S fc (to)-^ fc (to,t) + (l + p)(<-<o) < 2 P /1 5 i < — C 8 _i, 



in contradiction to (21). □

As an easy corollary we obtain the following. 
Theorem 6.11. The global skew of the algorithm is bounded by 2V. 
Proof of Theorem 6.11. Theorem 6.10 allows us to use Lemma 6.3 at any time $t$. For any two nodes $u, v$, let $P$ be a path from $u$ to $v$. Lemma 6.3 states (in particular) that

C > 3i(i) > H P (i) > L v (t) - L u (t) - (1 - 1)« P = L v (t) - L u (t), 

and since Co = 2D, the claim follows. 

Corollary 6.12. If a = 8(1//?), /i = 0(1/(1 - />)) and fs e = 9(e e )/or a// e e £ cst , ?/ien 
f/ze algorithm achieves O fdist(u, v) • logy p T>\ -gradient synchronization, with a global skew of 
0(V). 
Appendix



A The Estimate Layer 

A.1 Error analysis for direct estimates

To analyze the error in a direct estimate at time $t$, let $t_{\mathrm{snd}}$ be the last time node $v$ sends a message that node $u$ receives by time $t$. Let $t_{\mathrm{rcv}} \le t$ be the time when $u$ receives the message, and let $L$ be the clock value the message carries.

During the interval $[t_{\mathrm{rcv}}, t]$, node $u$ increases $L_u^{v,\mathrm{direct}}$ at the rate of its own hardware clock, and therefore

$$(1 - \rho)(t - t_{\mathrm{rcv}}) \le L_u^{v,\mathrm{direct}}(t) - L \le (1 + \rho)(t - t_{\mathrm{rcv}}). \tag{24}$$

Also, from Requirement 3.2,

$$(1 - \alpha)(t - t_{\mathrm{snd}}) \le L_v(t) - L \le (1 + \beta)(t - t_{\mathrm{snd}}). \tag{25}$$

Because $t_{\mathrm{rcv}} \in [t_{\mathrm{snd}}, t_{\mathrm{snd}} + T]$, we can re-write (24) to obtain

$$(1 - \rho)(t - t_{\mathrm{snd}} - T) \le L_u^{v,\mathrm{direct}}(t) - L \le (1 + \rho)(t - t_{\mathrm{snd}}), \tag{26}$$

and subtracting (26) from (25) yields

$$-(\alpha + \rho)(t - t_{\mathrm{snd}}) \le L_v(t) - L_u^{v,\mathrm{direct}}(t) \le (\beta + \rho)(t - t_{\mathrm{snd}}) + (1 - \rho)T. \tag{27}$$

Finally, since $u$ broadcasts every $\Delta H$ subjective time units, at time $t'_{\mathrm{snd}} \le t_{\mathrm{snd}} + \frac{\Delta H}{1-\rho}$ node $v$ broadcasts again, and the second broadcast is received by $u$ at time $t'_{\mathrm{snd}} + T$ at the latest. The second broadcast is not received by time $t$, and it follows that $t_{\mathrm{snd}} > t - \frac{\Delta H}{1-\rho} - T$. Substituting this bound in (27), we get

$$-(\alpha + \rho)\left(\frac{\Delta H}{1-\rho} + T\right) \le L_v(t) - L_u^{v,\mathrm{direct}}(t) \le (\beta + \rho)\left(\frac{\Delta H}{1-\rho} + T\right) + (1 - \rho)T.$$
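A numerical check of the A.1 bound, as an added example that is not from the paper: it runs constant clock rates at the extremes allowed by (24) and (25) with random message delays in $[0, T]$, and compares the observed estimate error with the closing inequality. It assumes the real time between two broadcasts is at most $\Delta H/(1-\rho)$; the function names and parameter values are constructed for illustration.

```python
import itertools
import random

def direct_error_bounds(rho, alpha, beta, T, dH):
    """Closing inequality of A.1: interval containing L_v(t) - estimate."""
    window = dH / (1 - rho) + T            # upper bound on t - t_snd
    return -(alpha + rho) * window, (beta + rho) * window + (1 - rho) * T

def simulate(T, dH, r_L, r_u, r_v, n_msgs=60, steps=2000, seed=1):
    """Constant-rate run on constructed input. v's logical clock runs at r_L,
    the hardware clocks of u and v at r_u and r_v, and each broadcast is
    delayed by a random amount in [0, T]. Returns (min, max) of
    L_v(t) - estimate over the sampled times t."""
    rng = random.Random(seed)
    sends = [k * dH / r_v for k in range(n_msgs)]       # every dH of v's clock
    msgs = [(s, s + rng.uniform(0, T)) for s in sends]  # (t_snd, t_rcv)
    lo, hi = float("inf"), float("-inf")
    for i in range(steps + 1):
        t = sends[-1] * i / steps
        received = [m for m in msgs if m[1] <= t]
        if not received:
            continue                        # u has no estimate of v yet
        t_snd, t_rcv = max(received)        # latest send among those received
        estimate = r_L * t_snd + r_u * (t - t_rcv)  # L plus u's hardware time
        err = r_L * t - estimate            # L_v(t) - estimate
        lo, hi = min(lo, err), max(hi, err)
    return lo, hi

def check_corners(rho=0.01, alpha=0.02, beta=0.05, T=0.3, dH=1.0):
    """Run every extreme rate combination; return bounds and observed range."""
    lo_b, hi_b = direct_error_bounds(rho, alpha, beta, T, dH)
    seen_lo, seen_hi = float("inf"), float("-inf")
    corners = itertools.product((1 - alpha, 1 + beta),
                                (1 - rho, 1 + rho), (1 - rho, 1 + rho))
    for r_L, r_u, r_v in corners:
        lo, hi = simulate(T, dH, r_L, r_u, r_v)
        seen_lo, seen_hi = min(seen_lo, lo), max(seen_hi, hi)
    return lo_b, seen_lo, seen_hi, hi_b

if __name__ == "__main__":
    print(check_corners())
```

The upper bound is dominated by the $(1-\rho)T$ term, so the observed maximum approaches it whenever a message is delayed by close to $T$.
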
A.2 Error analysis for RBS estimates 

Let $v \in N^2(u)$. Suppose that at time $t$, time $t_x$ is the latest time an event $x$ occurs such that node $u$ receives a report($v$, $x$, $L$) message by time $t$. Let $t_{\mathrm{rcv}}$ be the time at which $u$ receives the report, and let $t^v_x$ be a time such that $L = L_v(t^v_x)$, and let $t^u_x$ be a time such that $H = H_u(t^u_x)$. We know that $t_x \le t^u_x, t^v_x \le t_{\mathrm{rcv}}$.

As before, we have

$$(1 - \rho)(t - t_{\mathrm{rcv}}) \le L_u^{v,\mathrm{rbs}}(t) - L - H_u(t_{\mathrm{rcv}}) + H_u(t^u_x) \le (1 + \rho)(t - t_{\mathrm{rcv}}), \tag{28}$$

$$(1 - \rho)(t_{\mathrm{rcv}} - t^u_x) \le H_u(t_{\mathrm{rcv}}) - H_u(t^u_x) \le (1 + \rho)(t_{\mathrm{rcv}} - t^u_x), \tag{29}$$

and

$$(1 - \alpha)(t - t^v_x) \le L_v(t) - L \le (1 + \beta)(t - t^v_x). \tag{30}$$

Summing (28) and (29) yields

$$(1 - \rho)(t - t^u_x) \le L_u^{v,\mathrm{rbs}}(t) - L \le (1 + \rho)(t - t^u_x), \tag{31}$$

and because $t^u_x, t^v_x \in [t_x, t_x + u_{\mathrm{rcv}}]$, we can re-write (30) and (31) as

$$(1 - \rho)(t - t_x - u_{\mathrm{rcv}}) \le L_u^{v,\mathrm{rbs}}(t) - L \le (1 + \rho)(t - t_x) \tag{32}$$

and

$$(1 - \alpha)(t - t_x - u_{\mathrm{rcv}}) \le L_v(t) - L \le (1 + \beta)(t - t_x). \tag{33}$$

Subtracting (32) from (33) we obtain

$$-(\alpha + \rho)(t - t_x) - (1 - \alpha)u_{\mathrm{rcv}} \le L_v(t) - L_u^{v,\mathrm{rbs}}(t) \le (\beta + \rho)(t - t_x) + (1 - \rho)u_{\mathrm{rcv}}. \tag{34}$$

Since every node broadcasts every $\frac{\Delta H}{1-\rho}$ time units at most, at some time $t_y \le t_x + \frac{\Delta H}{1-\rho}$ the common neighbor of $u$ and $v$ will broadcast again, and both nodes will record the event. The corresponding report(·) will be received by $u$ no later than time $t_y + V$. Since no such message is received before time $t$, we have $t_x \ge t - \frac{\Delta H}{1-\rho} - V$. Substituting in (34), we get

$$-(\alpha + \rho)\left(\frac{\Delta H}{1-\rho} + V\right) - (1 - \alpha)u_{\mathrm{rcv}} \le L_v(t) - L_u^{v,\mathrm{rbs}}(t) \le (\beta + \rho)\left(\frac{\Delta H}{1-\rho} + V\right) + (1 - \rho)u_{\mathrm{rcv}}.$$